The invention relates to security methods, more especially verification of authenticity of an article such as an personal identification (ID) card, vendable product, important document or other item.
Many traditional authentication security systems rely on a process which is difficult for anybody other than the manufacturer to perform, where the difficulty may be imposed by expense of capital equipment, complexity of technical know-how or preferably both. Examples are the provision of a watermark in bank notes and a hologram on credit cards or passports. Unfortunately, criminals are becoming more sophisticated and can reproduce virtually anything that original manufacturers can do.
Because of this, there is a known approach to authentication security systems which relies on creating security tokens using some process governed by laws of nature which results in each token being unique, and more importantly having a unique characteristic that is measurable and can thus be used as a basis for subsequent verification. According to this approach tokens are manufactured and measured in a set way to obtain a unique characteristic. The characteristic can then be stored in a computer database, or otherwise retained. Tokens of this type can be embedded in the carrier article, e.g. a banknote, passport, ID card, important document. Subsequently, the carrier article can be measured again and the measured characteristic compared with the characteristics stored in the database to establish if there is a match.
Within this general approach it has been proposed to use different physical effects. One effect that has been considered is to measure a magnetic response characteristic from depositions of magnetic materials, where each sample has a unique magnetic response as a result of naturally occurring defects in the magnetic material which form in an irreproducible manner [1]. Another effect that has been considered in a number of prior art documents is to use laser speckle from intrinsic properties of an article to provide a unique characteristic.
GB 2 221 870 A [2] discloses a method in which a security device, such as an ID card, effectively has a token embossed on it. The form of the token is a structured surface derived from a master. The speckle pattern from the light scattering structure is unique to the master and therefore can be measured to prove authenticity of the token on the security device. The token on the security device is measured in a reader which has a laser for generating a coherent beam of a size roughly equal to the token (2 mm diameter) and a detector, such as a charged coupled device (CCD) detector, for measuring the speckle pattern created by the interaction of the laser beam with the token. The resulting data is recorded. For verification, a security device can be placed in the reader and its recorded speckle pattern signal compared against a similar recorded signal from a reference device created from the same master.
U.S. Pat. No. 6,584,214 [3] describes an alternative to using speckle patterns in reflection from a specially prepared surface structure, in which speckle patterns are instead used in transmission from a specially prepared transparent token. The preferred implementation of this technique is to prepare epoxy tokens of dimension approximately 1 cm×1 cm in which glass spheres are embedded. The tokens are prepared by mixing the glass spheres in a colloidal suspension in a liquid polymer, which is then cured to fix the positions of the glass spheres. The unique ensemble of glass spheres is then probed using a coherent laser beam in transmission with a CCD detector positioned to measure the speckle pattern. In a modification of this approach, a known identifier is encoded on a reflective surface which is then stuck to one side of the token. The probing light passes through the token, is reflected by the known identifier and passes through the token again. The glass spheres thus modify the speckle pattern so that a unique hashed key is generated from the known identifier. Kralovec [4] briefly reports that in the 1980's workers at Sandia National Laboratories in the US experimented with special banknote paper which was impregnated with chopped-up optical fibres. A speckle pattern could be measured from the optical fibres and a digitally signed version of this printed as a barcode on the side of the note. However, Kralovec reports that this idea could not be made to work properly, because the optical fibres were too fragile and the speckle pattern changed rapidly when the banknote was circulated owing to wear. This meant that the speckle pattern measured from the optical fibres in a used banknote no longer matched the barcode, so the banknote could no longer be authenticated from the speckle pattern in the intended manner.
Anderson [5] on page 251 of his 2001 text book also briefly refers to what appears to be a similar scheme to that described by Kravolec [4] which is used for monitoring arms control agreements. Anderson observes that many materials have surfaces that are unique or that can be made so by eroding them with a small explosive charge. This is said to make it easy to identify capital equipment such as heavy artillery, where identifying each gun barrel is enough to prevent cheating by either party to an arms control agreement. Anderson reports that the surface pattern of the gun barrel is measured using laser speckle techniques, and either recorded in a log or attached to the device as a machine-readable digital signature.
Instead of using laser speckle, there is a more-straightforward group of proposed schemes that simply image an article at high resolution and use this high resolution image as the unique characteristic, which can then be re-imaged subsequently for verification of authenticity. This may be regarded as an adaptation of the conventional approach used for fingerprint libraries held by police forces.
U.S. Pat. No. 5,521,984 [6] proposes using an optical microscope to take an image of a small area of a valuable article, such as a painting, sculpture, stamp, gem or specific document.
Anderson [5] on page 252 of his 2001 text book reports that postal systems were considering schemes of this kind based on direct imaging of envelopes with a microscope. It is reported that an image of the paper fibres of an envelope is made, a pattern extracted, and recorded in the postal franking mark, which is digitally signed.
U.S. Pat. No. 5,325,167 [7] proposes imaging the grain structure of toner particles on a part of a valuable document following a similar scheme.
Through this previous work, there are various desirable features that are apparent for an ideal verification scheme.
The reported magnetic or speckle based techniques appear to be capable of providing high security levels, but require special materials to be prepared [1, 2, 3] for practical implementation to ensure long-term stability of the probed structure [4]. In many cases, integration of a token into the article to be secured is non-trivial. Particularly, integration of a resin token or a magnetic chip in paper or cardboard is not easy and involves significant cost. For integration with paper or cardboard, any token should ideally be printable. Additionally, there is also an inherent security risk of an attachable token-based approach in that the token is potentially detachable and attachable to a different article.
The reported direct imaging techniques [5, 6, 7] have the advantage that they obtain their digital signature directly from the article, obviating the need for special tokens. However, their intrinsic security is low. For example they are vulnerable to fraudulent access to the stored image data which may allow fabrication of an article that could be verified incorrectly as being authentic, or to forging by simply using a high resolution printer to print an image of what would be seen under a microscope when viewing the relevant part of the genuine article. The security level of direct imaging techniques also scales with the volume of the image data, forcing use of expensive high resolution imaging equipment for higher security levels. This may be acceptable in some applications, such as postal sorting or banknote verification, but in many applications will be unacceptable.